Commit | Line | Data |
---|---|---|
e7311a84 WB |
1 | #!/bin/sh |
2 | ||
3 | # lxc: linux Container library | |
4 | ||
5 | # This is a test script for generated apparmor profiles | |
6 | ||
7 | # This library is free software; you can redistribute it and/or | |
8 | # modify it under the terms of the GNU Lesser General Public | |
9 | # License as published by the Free Software Foundation; either | |
10 | # version 2.1 of the License, or (at your option) any later version. | |
11 | ||
12 | # This library is distributed in the hope that it will be useful, | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | # Lesser General Public License for more details. | |
16 | ||
17 | # You should have received a copy of the GNU Lesser General Public | |
18 | # License along with this library; if not, write to the Free Software | |
19 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
20 | ||
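# Skip (exit 0) only when apparmor_parser is not on PATH.
# NOTE(review): the exit used to sit after the `fi`, so the script ended
# successfully on every host and the profile check below never ran; a
# regression in the generated profile could not fail this test. Confirm the
# unconditional exit was not a deliberate way of disabling the test.
# `command -v` is the POSIX replacement for `which`.
if ! command -v apparmor_parser >/dev/null 2>&1; then
  echo 'SKIP: test for generated apparmor profiles: apparmor_parser missing'
  exit 0
fi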
25 | ||
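# DONE stays 0 until the profile check has passed; cleanup() reports FAIL
# whenever it runs with DONE still 0.
DONE=0
# Log file passed to lxc-start -o. It is created with mktemp instead of the
# predictable /tmp/lxc-test-<pid>.log: a guessable name in a world-writable
# directory can be pre-created or symlinked by another local user before the
# test writes to it. `set -e` is not active yet, so check the result here.
LOGFILE=$(mktemp /tmp/lxc-test-XXXXXX) || {
  echo "FAIL: could not create log file" >&2
  exit 1
}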
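#######################################
# Exit/signal handler: destroy the test container and report the result.
# Globals:   CONTAINER_NAME (read, may be unset), DONE (read),
#            LOGFILE (read; the file is removed)
# Outputs:   "PASS" or "FAIL" on stdout; on failure the log file on stderr
# Returns:   normally when DONE is non-zero; exits 1 when DONE is 0
#######################################
cleanup() {
  # Disarm the traps first: after HUP/INT/TERM the `exit 1` below would
  # otherwise re-enter cleanup through the EXIT trap and report twice.
  trap - EXIT HUP INT TERM

  # The trap is installed before CONTAINER_NAME is assigned and the script
  # runs under `set -u`, so guard the expansion. -f also stops a container
  # that is still running, so a failed run does not leave one behind.
  if [ -n "${CONTAINER_NAME:-}" ]; then
    lxc-destroy -f -n "$CONTAINER_NAME" >/dev/null 2>&1 || true
  fi

  if [ "$DONE" -eq 0 ]; then
    # Show the log only on failure, to explain what went wrong.
    if [ -f "$LOGFILE" ]; then
      cat "$LOGFILE" >&2
    fi
    rm -f "$LOGFILE"
    echo "FAIL"
    exit 1
  fi
  rm -f "$LOGFILE"
  echo "PASS"
}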
40 | ||
e7311a84 WB |
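# Run cleanup on every exit path, including HUP/INT/TERM.
trap cleanup EXIT HUP INT TERM
# From here on, abort on any failing command or unset variable.
set -eu

# Create a container
CONTAINER_NAME=lxc-test-apparmor-generated

lxc-create -t busybox -n "$CONTAINER_NAME" -B dir

# Query the rootfs path in its own assignment so that a failing lxc-info
# aborts under `set -e` instead of being hidden inside a nested substitution.
# The value may carry a "dir:" prefix, which is stripped; the container
# directory holding `config` is the parent of the rootfs.
rootfs_path=$(lxc-info -n "$CONTAINER_NAME" -c lxc.rootfs.path -H)
CONTAINER_PATH=$(dirname "${rootfs_path#dir:}")
cp "$CONTAINER_PATH/config" "$CONTAINER_PATH/config.bak"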
50 | ||
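# Set the profile to be auto-generated.
# ${CONTAINER_PATH:?} aborts instead of appending to "/config" if the path
# was never computed.
printf '%s\n' "lxc.apparmor.profile = generated" >> "${CONTAINER_PATH:?}/config"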
53 | ||
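# Start it
lxc-start -n "$CONTAINER_NAME" -lDEBUG -o "$LOGFILE"
# Exit from the main shell; the original `( ... && exit 1)` only left a
# subshell and relied on `set -e` to stop the script.
if ! lxc-wait -n "$CONTAINER_NAME" -t 5 -s RUNNING; then
  echo "Container didn't start" >&2
  exit 1
fi

# Read the AppArmor label the kernel reports for the container's init process.
pid=$(lxc-info -p -H -n "$CONTAINER_NAME")
profile=$(cat "/proc/$pid/attr/current")
# The comparison is exact: the expected label names the per-container profile
# and ends in "(enforce)", so any other profile, mode or an unconfined init
# fails the test.
# NOTE(review): /var/lib/lxc is hard-coded in the expected label; presumably
# this must match the configured lxcpath, confirm.
expected_profile="lxc-${CONTAINER_NAME}_</var/lib/lxc>//&:lxc-${CONTAINER_NAME}_<-var-lib-lxc>:unconfined (enforce)"
lxc-stop -n "$CONTAINER_NAME" -k
if [ "$profile" != "$expected_profile" ]; then
  echo "FAIL: container was in profile $profile" >&2
  echo "expected profile: $expected_profile" >&2
  exit 1
fi

# Tell cleanup() that the check passed.
DONE=1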